Network processing at gigabit speeds

Network processing at gigabit speeds Leiden Embedded Research Center Leiden Institute of Advanced Computer Science Leiden University, The Netherlands Mihai Cristea

Packet processing at line rate • Problem domain • Network processors • FFPF (Fairly Fast Packet Filters) • NET-FFPF • FPL-3 programming language

Problem domain • Increasing demands for packet processing tasks: • Network monitoring • Intrusion detection • Firewalling • network speeds vs. bus, memory, processor speeds • Inefficient software

Network processors Packet processing at high speeds

Processing in FFPF Example: monitoring applications HOST App_mon1 App_mon2 PCI StrongARM … ME0 ME1 ME2 MEx RX TX

Distributed packet processing

Distributed processing in NET-FFPF • Heterogeneous processing nodes • Gigabit speeds support • Easy programming language: FPL-3 • Provides: • Load balancing; • Traffic monitoring; • Firewalling .... At link rates

Traffic monitoringmapped onto APT

Traffic monitoringmapped onto dAPT

FPL-3 programming language • Generic header-based filtering • Payload scanning • Looping & branching • Packet replication • Traffic splitting • Compiles to machine code • Distributed support across a network IF (PKT.PROTO == UDP) THEN R[0] = Hash(26,12,1024); M[R[0]]++; FI

user Monitoring results Write filters SWITCH NP Filtering Network traffic NP NP Filtering Filtering&splitting NP Filtering Using NET-FFPF

Performance

Conclusion • NET-FFPF distributed network processing environment • FPL-3 programming language

Questions ?

IXP1200 architecture

Network processing at gigabit speeds